Improper Control of Dynamically-Managed Code Resources in Crafter Studio

4.5 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Basic Information

ID CVE-2026-1770

Source crafter

Published Feb 2, 2026 at 16:16

Modified Feb 2, 2026 at 16:38

Affected Product

Vendor CrafterCMS

Product CrafterCMS

Version 4.0.0

Affected Versions CrafterCMS CrafterCMS 4.0.0

CWE Classification

CWE-913

References

docs.craftercms.org /current/security/advisory.html

{
    "lastseen": "",
    "description": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).",
    "published": "2026-02-02T16:16:01.466Z",
    "modified": "2026-02-02T16:38:59.620Z",
    "type": "cve",
    "title": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio",
    "source": "crafter",
    "references": "https://docs.craftercms.org/current/security/advisory.html#cv-2026020201",
    "id": "CVE-2026-1770",
    "bulletinFamily": "",
    "cwe": [
        "CWE-913"
    ],
    "cvelist": null,
    "sourceData": "CrafterCMS CrafterCMS 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.5,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CrafterCMS",
    "version": "4.0.0",
    "vendor": "CrafterCMS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Improper Control of Dynamically-Managed Code Resources in Crafter Studio_CVE-2026-1770